/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
OPT_RAND, OPT_DSAPARAM, OPT_C, OPT_2, OPT_5
} OPTION_CHOICE;
-OPTIONS dhparam_options[] = {
+const OPTIONS dhparam_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
BIO *in = NULL, *out = NULL;
DH *dh = NULL;
char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL;
+ ENGINE *e = NULL;
#ifndef OPENSSL_NO_DSA
int dsaparam = 0;
#endif
outfile = opt_arg();
break;
case OPT_ENGINE:
- (void)setup_engine(opt_arg(), 0);
+ e = setup_engine(opt_arg(), 0);
break;
case OPT_CHECK:
check = 1;
argc = opt_num_rest();
argv = opt_rest();
- if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
+ if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0))
goto end;
if (g && !num)
} else
# endif
{
- if (informat == FORMAT_ASN1)
+ if (informat == FORMAT_ASN1) {
+ /*
+ * We have no PEM header to determine what type of DH params it
+ * is. We'll just try both.
+ */
dh = d2i_DHparams_bio(in, NULL);
- else /* informat == FORMAT_PEM */
+ /* BIO_reset() returns 0 for success for file BIOs only!!! */
+ if (dh == NULL && BIO_reset(in) == 0)
+ dh = d2i_DHxparams_bio(in, NULL);
+ } else {
+ /* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+ }
if (dh == NULL) {
BIO_printf(bio_err, "unable to load DH parameters\n");
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
- printf("p value is not prime\n");
+ BIO_printf(bio_err, "WARNING: p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
- printf("p value is not a safe prime\n");
+ BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
+ if (i & DH_CHECK_Q_NOT_PRIME)
+ BIO_printf(bio_err, "WARNING: q value is not a prime\n");
+ if (i & DH_CHECK_INVALID_Q_VALUE)
+ BIO_printf(bio_err, "WARNING: q value is invalid\n");
+ if (i & DH_CHECK_INVALID_J_VALUE)
+ BIO_printf(bio_err, "WARNING: j value is invalid\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
- printf("unable to check the generator value\n");
+ BIO_printf(bio_err,
+ "WARNING: unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
- printf("the g value is not a generator\n");
+ BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
if (i == 0)
- printf("DH parameters appear to be ok.\n");
+ BIO_printf(bio_err, "DH parameters appear to be ok.\n");
+ if (num != 0 && i != 0) {
+ /*
+ * We have generated parameters but DH_check() indicates they are
+ * invalid! This should never happen!
+ */
+ BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
+ goto end;
+ }
}
if (C) {
unsigned char *data;
int len, bits;
- BIGNUM *pbn, *gbn;
+ const BIGNUM *pbn, *gbn;
len = DH_size(dh);
bits = DH_bits(dh);
}
if (!noout) {
- BIGNUM *q;
+ const BIGNUM *q;
DH_get0_pqg(dh, NULL, &q, NULL);
- if (outformat == FORMAT_ASN1)
- i = i2d_DHparams_bio(out, dh);
- else if (q != NULL)
+ if (outformat == FORMAT_ASN1) {
+ if (q != NULL)
+ i = i2d_DHxparams_bio(out, dh);
+ else
+ i = i2d_DHparams_bio(out, dh);
+ } else if (q != NULL) {
i = PEM_write_bio_DHxparams(out, dh);
- else
+ } else {
i = PEM_write_bio_DHparams(out, dh);
+ }
if (!i) {
BIO_printf(bio_err, "unable to write DH parameters\n");
ERR_print_errors(bio_err);
BIO_free(in);
BIO_free_all(out);
DH_free(dh);
+ release_engine(e);
return (ret);
}
projects / openssl.git / blobdiff